Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort
By Michael Rash
* Publisher: No Starch Press
* Number Of Pages: 336
* Publication Date: 2007-09-15
* ISBN-10 / ASIN: 1593271417
* ISBN-13 / EAN: 9781593271411
* Binding: Paperback
System administrators need to stay ahead of new security vulnerabilities that leave their networks exposed every day. A firewall and an intrusion detection system (IDS) are two important weapons in that fight, enabling you to proactively deny access and monitor network traffic for signs of an attack.
Linux Firewalls discusses the technical details of the iptables firewall and the Netfilter framework that are built into the Linux kernel, and it explains how they provide strong filtering, Network Address Translation (NAT), state tracking, and application layer inspection capabilities that rival many commercial tools. You'll learn how to deploy iptables as an IDS with psad and fwsnort and how to build a strong, passive authentication layer around iptables with fwknop.
Concrete examples illustrate concepts such as firewall log analysis and policies, passive network authentication and authorization, exploit packet traces, Snort ruleset emulation, and more with coverage of these topics:
* Passive network authentication and OS fingerprinting
* iptables log analysis and policies
* Application layer attack detection with the iptables string match extension
* Building an iptables ruleset that emulates a Snort ruleset
* Port knocking vs. Single Packet Authorization (SPA)
* Tools for visualizing iptables logs

Perl and C code snippets offer practical examples that will help you maximize your deployment of Linux firewalls. If you're responsible for keeping a network secure, you'll find Linux Firewalls invaluable in your attempt to understand attacks and use iptables, along with psad and fwsnort, to detect and even prevent compromises.

Summary: One of the best technical books published in 2007
Rating: 5
Disclaimer: I wrote the foreword for this book, so obviously I am biased. However, I am not financially compensated for this book's success. In the foreword I note that Linux Firewalls is a "great book." As a FreeBSD user, Linux Firewalls is good enough to make me consider using Linux in certain circumstances! Mike's book is exceptionally clear, organized, concise, and actionable. You should be able to read it and implement everything you find by following his examples. You will not only learn tools and techniques, but you will be able to appreciate Mike's keen defensive insights. The majority of the world's digital security professionals focus on defense, because offense is left to the bad guys, police, and military. I welcome books like Linux Firewalls that bring real defensive tools and techniques to the masses in a form that can be digested and deployed for minimum cost and effort. One of the main reasons Linux Firewalls is a great book is that Mike Rash is an excellent writer. I've read (or tried to read) plenty of books that seemed to offer helpful content, but the author had no clue how to deliver that content in a readable manner. Linux Firewalls makes learning network security an enjoyable experience.
Mike is exceptionally detail-oriented (see the RST vs. RST/ACK issue on p. 63 and elsewhere) and he often cites sources and additional references. Linux Firewalls very nicely integrates sample network traffic to make numerous points; Ch. 11 has several great examples. The sections on fwsnort even improved my understanding of Snort itself. The bottom line is that if you are a user of non-Microsoft operating systems (Linux, BSD, etc.) and you want to know how Linux can help defend your network, you will enjoy reading Linux Firewalls.

Summary: Nice, accurate and interesting. Not like other books about firewalls.
Rating: 5
When I bought "Linux Firewalls" I was expecting a good book because I already knew that the work of Michael Rash is excellent. However, I expected the traditional iptables handbook that looks more like a "man page". Surprisingly, I found that the book was much better than that. Instead of detailing every single feature of the iptables infrastructure, Michael Rash explains how iptables can be used as a powerful (and free) Intrusion Detection/Prevention System. To achieve that, Rash presents three open source tools developed by himself: psad, an iptables-based port scan detector; fwsnort, a tool that translates Snort rules into iptables sentences; and fwknop, a Port Knocking and SPA authentication system. The book is very practical. It's amazing how everything is presented so clearly and with such useful examples. The author first introduces the potential threats that are associated with the Network Layer, Transport Layer and Application Layer (I loved those chapters). Then he starts discussing the detection of malicious attackers that try to break into the system. Finally, he presents active response mechanisms against attackers and ways to secure the whole system with additional layers of security. The book is great if what you want is to secure your Linux system using iptables and the open source tools developed by Rash.
Rash is an expert on firewalls and intrusion detection systems. If you follow his suggestions you'll build a very secure system. Firewall enthusiasts and TCP/IP fans will also enjoy reading the book because it's written by a geek and it's written for geeks. However, if you are looking for an iptables handbook, you are looking for a theoretical book about firewalls, or you want to use other tools than the ones presented in the book, then "Linux Firewalls" may not be the best option for you.

Summary: VERY VERY HIGHLY RECOMMENDED!!
Rating: 5
Do you have any familiarity with TCP/IP networking concepts and Linux system administration? If you do, then this book is for you. Author Michael Rash has done an outstanding job of writing a book that concentrates on network attacks: detecting them and responding to them. Rash begins with an introduction to packet filtering with iptables, including kernel build specifics and iptables administration. Then, the author shows the types of attacks that exist in the network layer and what you can do about them. Next, he illustrates classes of application layer attacks that iptables can be made to detect, and introduces you to the iptables string match extension. The author also discusses installation and configuration of psad, and shows you why it is important to listen to the stories that iptables logs have to tell. He continues by introducing you to advanced psad functionality, including integrated passive OS fingerprinting, Snort signature detection via packet headers, verbose status information, and DShield reporting. Then, the author discusses the culmination of the attack detection and mitigation strategies that are possible with iptables. Next, he compares and contrasts two passive authorization mechanisms: port knocking and SPA.
The author continues by showing you how to install and make use of fwknop together with iptables to maintain a default-drop stance against all unauthenticated and unauthorized attempts to connect to your SSH daemon. Finally, the author wraps up with some graphical representations of iptables log data. This most excellent book takes a highly applied approach. In other words, after reading this book, you will be armed with a strong working knowledge of how network attacks are detected and dealt with via iptables.